Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. A longtime threat group identified as TA558 has ramped ...

WeTransfer is being used by hackers to circumvent email gateways looking to zap malicious links. Hackers are abusing the popular file-sharing service called WeTransfer to circumvent defensive email ...

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers. Researchers have discovered two critical bugs in ...

A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE. The FBI has announced that Christopher Dobbins pleaded guilty and was ...

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play. Nearly 500 malicious apps lurking on the Google ...

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild. Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being ...

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets. Microsoft ...

A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet. Disconnecting devices from the internet is no longer a solid plan for protecting ...

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. After a recent dip, ransomware attacks are back on the rise. According to data released by ...

A dump of hundreds of thousands of active accounts is aimed at promoting AllWorld.Cards, a recently launched cybercriminal site for selling payment credentials online. Threat actors have leaked 1 ...

Researchers uncovers “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business. Hackers pulled off an elaborate man-in-the ...